Reputation: 864
How can you implement an anti-cheat in a JS game?
I'm planning to make a web-based game (using three.js and socket.io), and one of my main concerns is protection against cheating.
I know the basics to make a secure game, i.e :
- Never trust the client, client is only for rendering and input capturing
- Put your game logic server-side
- The best anti-cheat is the human
Knowing that, vulnerabilities for which i have no ideas how to be protected are precisely those that concern the client and that the server can't check. For example, as an attacker, i can :
- modify the renderer or shaders to make walls invisible (wallhack)
- modify position of the camera, that is simply in a variable
- inject code that will input for me (aimbot)
In classic games (executables), there are programs that can detects illegals operations. Usually, anti-cheats inspect the assembly and check that no dlls are being injected.
Maybe there is an obfuscator that is specialized in this task (even if it means losing performance) ?
I haven't done all the research yet but I hope that some of you have already been confronted with this problem, and can save me a lot of time by orienting my research.
Thanks a lot
Upvotes: 1
Views: 1890
Answers (1)
Reputation: 105
If you wanna do an "anti-cheat" engine, you'll have to do that. You can add anything you want client-side, to facilitate the server-side work, but you must never trust the client. All Logic you have must be at least server-side. You can reproduce it client-side if you want, but no client-side only solution will do it.
After the basics: If you don't mind wrapping HTTP, then use ExpressJS take a look at this code for express-blacklist and express-defend:
var expressDefend = require('express-defend');
var blacklist = require('express-blacklist');
app.use(blacklist.blockRequests('blacklist.txt'));
app.use(expressDefend.protect({
maxAttempts: 5,
dropSuspiciousRequest: true,
logFile: 'suspicious.log',
onMaxAttemptsReached: function(ipAddress, url){
blacklist.addAddress(ipAddress);
}
}));
as they aren't registered with socket.io, they will be only affected by the Express route
take a look at this: https://github.com/hrt/AnticheatJS
this is a good software you might want to look into: https://www.tuxbihan.org/software/top-05-anti-cheat-software-to-make-fair-for-gamers/
Hope this helps!
Upvotes: 1
Related Questions
- Prevent Cheating on Javascript Game
- Prevent Javascript games tweaking/hacking
- creating an anti cheat in an online web game
- What good ways are there to prevent cheating in JavaScript multiplayer games?
- Securing WebGL game code
- How can i prevent Cheat engine for my single player flash games?
- JavaScript Games and Security
- Preventing cheating for on-line arcade high score board
- cheat prevention for browser based xmlhttp/js/perl/php game
- What are the methods of protecting JavaScript web applications/games?